Advertisement

Armies of pro-Trump Twitter bots are now promoting WikiLeaks’ CIA dump

The Twitter bots we saw during the presidential campaign have found a new topic to direct their focus on.
Credit: Alan O'Rourke CC2.0

An army of pre-programmed Twitter accounts — many of which are actively associated with online campaigns to post pro-Donald Trump content — are now actively promoting a cache of leaked CIA files published last week by WikiLeaks, according to new research.

About 32,000 unique Twitter accounts — more commonly known as “bots” — tweeted more than 170,000 times using the #Vault7 hashtag on March 8, the day the leaked information was made public. The #CIAHacking hashtag was also used in another 3,800 tweets authored by 2,600 bot accounts.

The network was identified by social media researcher Vlad Shevtsov, who used a software tool to analyze upwards of 44 million tweets; looking for “multiple synchronous operations” to identify “automatic control of an artificial audience.” He described his methodology in greater detail in a blog post written earlier this month.

Many of the same bots creating tweets around Vault 7 can also be traced back to a larger network of automated accounts that worked to popularize negative stories, memes and other content about Sen. Ted Cruz, R-Texas, during the 2016 U.S. presidential campaign, Shevtsov said.

Advertisement

All 32,000 bots similarly follow one of two Twitter accounts — @Don_Vito_08 or @LindaSuhler. Both accounts are “related with pro-trump botnets and [have been] used for launching and escalating media scandals,” said Shevtsov, the founder of social media research firm Social Puncher and the blog “SadBotTrue.”

Patrick Ruffini, co-founder of digital intelligence firm Echelon Insights, was among the first to identify the @Don_Vito_08 account as a cog in a pro-Trump network.

The @Don_Vito_08 handle first became famous when Trump, while on the campaign trail, retweeted an image posted by the account that compared the appearance of Melania Trump to Cruz’s wife, Heidi.

“All of these bots are active retweeters; they are mostly sharing links and tweets with hashtags and liking each other’s posts,” Shevtsov explained. “The bots are used for imitation of mass endorsement and manipulation [of trending results].”

The leaked CIA library — which WikiLeaks claims to have acquired from a disgruntled defense contractor — contains information about exploits used by the spy agency to exploit several popular software and hardware products. Among other things, the document dump revealed a CIA resource named “Umbrage,” which appears to function as a repository for catalogued, reusable malware samples.

Advertisement

Some of the #Vault7 and #CIAHacking tweets authored by the bots mischaracterize content in the leaked archive. One of the more popular conspiracy theories being forwarded by these bots so far — which was also identified by The Daily Beast — suggests that the CIA hacked the Democratic National Committee and framed Russia as part of an elaborate false flag operation. In this context, the bots have pointed to Umbrage  as evidence that the CIA cannot be trusted when it comes to attribution.

Examples of Tweets discussing Umbrage

On Jan. 6, the Office of the Director of National Intelligence published a declassified 25-page report about Russian hacking operations aimed at the U.S. presidential election. In the report, the U.S. intelligence community noted that Russian intelligence services not only breached U.S. political organizations but also weaponized some of the information they obtained by distributing that material into media channels.

It remains unclear who is controlling the elaborate, propaganda-inducing network now being used to promote WikiLeaks’ Vault7 release.

Advertisement

Samuel Woolley, the director of research for the Computational Propaganda Project at the University of Oxford, told CyberScoop it is “very tricky to draw conclusions” about where bots originate and who may control them.

“Location stamps on Twitter accounts, and those on posts, can be easily forged and most of the more sophisticated bot makers use VPNs to prevent IP tracking,” said Woolley. “Research shows that lone citizens, civic groups, and small firms in the U.S. that have built, launched, or sold bots that attempt to manipulate public opinion during the election. Bots can also be bought on sites like Fiverr, and those could be build in Russia, India, Vietnam, or any number of countries.”

According to a newly released study by the University of Southern California, as much as 15 percent of Twitter accounts are controlled by software instead of humans — translating into 48 million dummy accounts for a website with just 319 million active users per month.

“The market for online automation is global,” Woolley said. “It’s safe to say that one of the most interesting aspects of Twitter bots is that anyone with rudimentary coding knowledge can launch them using the Twitter API. More complicated [bot networks], those targeted at specific events like the Crimea crisis or the U.S. presidential election, show sophistication in terms of intent or purpose and are therefore likely build and launched by political actors with more financial and intellectual capital.”

Latest Podcasts